John Web3

@bichistriver @code4rena Good job

Receiving my first bbp payout on @code4rena

I just found a confirmed bug on @immunefi #immunefitribe immunefi.com/s/ss/?severity…

We should not allow this to become the new norm in security research. This must change. gist.github.com/marikravets/28… #BugBounty #CryptoSecurity #Web3 #SecurityResearch @cantinaxyz @MonadOfficvn @monad @bountywriteups @VitalikButerin

Almost half the researchers at RareSkills are from Nigeria. If you can’t find good talent there, it’s a skill issue with recruitment, not a country problem.

⚠️A critical vulnerability (GHSA-vjh7-7g9h-fjfh) has been discovered in the widely-used elliptic encryption library. 😈Attackers can exploit this flaw by crafting specific inputs to extract private keys with just a single signature, potentially compromising digital assets or identity credentials. ✍️In our latest article, we break down the vulnerability—its root cause, impact, and how to mitigate the risks. ❤️Special thanks to @Rabby_io for providing the vulnerability intelligence. 🔗Read the full analysis here: slowmist.medium.com/private-key-le…

Bybit (@Bybit_Official) has received $172.5M in loans from various exchanges/institutions to manage customer withdrawals in the past 7 hours, including: • 40,000 $ETH ($107M) from Bitget (@bitgetglobal) • 12,652 $stETH ($33.9M) from a #MEXC’s hot wallet • 11,800 $ETH ($31.6M) from a #Binance’s hot wallet Follow @spotonchain and track the related entities in the recent #Bybit hack at: 1/ Bybit Exploiter entity: platform.spotonchain.ai/en/entity/2440 2/ Bybit’s Cold wallet: platform.spotonchain.ai/en/profile?add…

Update on Safe{Wallet} Restart The Safe{Wallet} UI displayed the correct-appearing transaction information according to ByBit, yet a malicious transaction that had all valid signatures was executed onchain. Our investigation so far shows: • No codebase breach found: The Safe codebase was checked thoroughly, and no evidence of a breach or modification was found. • No malicious dependencies identified: No signs of a malicious dependency in the Safe codebase affecting the transaction flow (i.e. supply-chain attack). • No unauthorised access to the infrastructure was detected in the logs. • No other Safe address has been affected As stated earlier, we have paused Safe{Wallet} functionalities temporarily to ensure absolute confidence in our platform’s security. Although our investigation shows no evidence that the Safe{Wallet} frontend itself was compromised, we’re conducting a thorough review. Some of the actions include: • Reviewing all of our service configurations • Rotating all our infrastructure credentials • Rebuilding our containers and reapply all our configurations • Conducting a codebase audit with external security researchers We are committed to bringing Safe{Wallet} back up as soon as possible.

AUDITOR Roadmap github.com/Quillhash/Quil…

@CyversAlerts Link not working

We’ve uncovered brand new, exclusive insights into the CoinPoker #hack—featuring details from #Fireblocks and other sources that shed light on this $2M breach. 📥 Get your copy: cyvers.ai/coinpokers-hac… Our #CoinPoker case study breaks down the attack step-by-step, from the exploited loopholes to key takeaways every platform needs to know. #Web3 #cybersecuritytips #Casestudy #CryptoNews

Indonesian crypto exchange @indodax suffered an attack a few hours ago, with the hacker stealing various tokens from hot wallets. The total loss is approximately $22 million💸. And @indodax is lying to their users giving them a false guarantee that their money is 100% safe

@HendikC61588 @indodax @frshzrnmln Nooo your balance is not safe You guys have been hacked @indodax stop lying to your people

@indodax @frshzrnmln Baik makasih infonya indodax

Halo Member INDODAX, Kami ingin menginformasikan bahwa team security kami menemukan potensi indikasi keamanan pada platform kami. Saat ini, kami sedang melakukan pemeliharaan menyeluruh untuk memastikan seluruh sistem beroperasi dengan baik. Selama proses pemeliharaan ini, platform web dan aplikasi INDODAX sementara tidak dapat diakses. Namun jangan khawatir, dapat kami pastikan bahwa saldo Anda tetap 100% aman baik secara kripto maupun rupiah. Kami berterima kasih atas kesabaran dan kepercayaan yang telah Anda berikan. Proses ini kami lakukan demi menjaga keamanan dan kenyamanan transaksi Anda. Kami akan segera memberikan pembaruan informasi lanjutan setelah investigasi selesai dilakukan. Salam, INDODAX – Indonesia Bitcoin & Crypto Exchange

@indodax This is a big lie their platform has been hacked and funds stolen up to $21,000,000 Tell your customers the truth

@SlowMist_Team @indodax How did it happen

🚨SlowMist Security Alert🚨 Indonesian crypto exchange @indodax suffered an attack a few hours ago, with the hacker stealing various tokens from hot wallets. The total loss is approximately $22 million💸. Below are the details of the losses⬇️

@bertcmiller @danrobinson Learn How do deploy a Mev bot 👇 Smartcontractcode.net/mev

@danrobinson Almost 4 years ago now we wrote this on redistribution medium.com/flashbots/fron…

The debate about whether MEV should go to L1s, L2s, or apps is somewhat missing the point MEV should go to the user it came from. And I think in the winning system, to the extent possible, it will